Archive for the ‘News’ Category

As the world’s leading IPv6 training company, we are pleased to announced that we will be running some of our most popular IPv6 courses in Edinburgh, UK during 2017.

These include our comprehensive 5-day Implementing and Securing IPv6 course which covers all that you need to deploy and secure IPv6 in your networks.

Erion has over 19 years experience in IPv6. Over that time we have provided IPv6 consultancy and IPv6 training to leading organisations, enterprises and governments world-wide. Throughout the many IPv6 deployments and implementations that we have carried out we have consistently noticed two things; people underestimate the need for IPv6 training and IPv6 training is crucial to success.

Many assume that IPv6 is simply IPv4 with longer addresses. This is naive. Whilst the purpose and basic function of IPv6 is the same as IPv4; that is to route datagrams from a one node to another node (possibly on a different network), the features, functions, attributes and management of IPv6 are very different. Crucially, in many cases what is considered best practice in IPv4 is the opposite in IPv6. This means that staff with extensive experience of IPv4 have to have a change of mindset in order to successfully deploy IPv6.

For this reason, we have created the world’s largest portfolio of IPv6 training courses, covering all aspects if IPv6, across many different platforms and for a wide range of audiences. Continuously updated to reflect the latest standards and best practice our courses are ideally suited to ensure that you are ready to deploy IPv6 in an efficient and safe. Thereby maximising the benefit to your business.

Full details of our upcoming IPv6 training schedule can be found here. Alternatively, we can run on-site IPv6 courses for you at your premises when we can tailor the training programme to meet your exact requirements.

At long last Amazon have announced native IPv6 support for EC2 instances in Amazon VPCs. This is great news for those whose IPv6 deployments have been held back by the lack of native IPv6 support in EC2.

The IPv6 service was first released in a limited deployment in the US East (Ohio) Region back in December 2016. It is now available in all regions.

In Amazon VPCs, public IPv6 address bocks are assigned to VPCs in /56 blocks. You can allocated space out of an assigned /56 block to subnets and instances.

Instances are dual stack, that is they can use both native IPv4 and native IPv6. An instance can use IPv6 addresses to communicate with other instances as well as the wider internet.

In contrast with Microsoft Azure, Amazon is not using IPv6 network address translation (NAT). Azure uses a form of Network Prefix Translation (NPTv6) on their load balancers to map between internal and external IPv6 addresses. Azure is also limited in how IPv6 addresses can be used. You cannot assigned IPv6 addresses to existing VMs, whereas in Amazon EC2 you can assign IPv6 addresses to existing instances. In addition, in Azure, you cannot use IPv6 to communicate between VMs. In EC2 you can.

This is an important move forward in the deployment of IPv6. It is to be expected that the few suppliers who continue to provide a legacy-IPv6 only service will move to deploying IPv6 in the near future.

Further proof of the rise of IPv6 and the decline of IPv4 appeared yesterday with an announcement from the Internet Architecture Board (IAB) that IPv4 is to be declared historic by the IETF. The IAB expects the IETF to stop working on IPv4 and its associated protocols in the near future. Therefore, the IAB recommends that all organisations work to develop an IPv6-only strategy.

This follows closely on a recent draft RFC that moves IPv4 to historic status (draft-howard-sunset4-v4historic-00). Protocols that are moved to historic status are no longer developed by the IETF. This includes all protocols that are IPv4 specific.

These moves reflect the decline of the IPv4 internet and the growing deployment of IPv6. The exhaustion of the IPv4 address pool is severely restricting growth in the IPv4 internet. In addition, it has lead to the widespread adoption of address conservation techniques such as Carrier Grade NAT (CGN) and address transfers that have a negative impact on the function and operation of the internet.

All of these factors make it imperative that organisations look to deploy IPv6. The most common mode of deploying IPv6 is dual-stack. In a dual-stack deployment, IPv6 is usually added to an existing IPv4 network. This has many advantages and often eases the deployment of IPv6 into existing network infrastructure. However, dual-stack networks have some significant disadvantages. Deploying two protocols in a network more than doubles the complexity, increasing the resources required to operate, administer and secure the network. An alternative approach is to deploy an IPv6-only network. In an IPv6-only network, there is only one protocol (IPv6) to support, administer and secure. Furthermore, an IPv6-only network has none of the disadvantages of an IPv4 network, such as limited address space, NAT and CGN.

Support for legacy IPv4 services can still be provided in an IPv6-only network through the use of transition techniques such as NAT64/DNS64, NAT46, SIIT-DC, DS-Lite and 464XLAT.

So, now is the time to deploy IPv6 and to plan for a migration to an IPv6-only network. At Erion we have worked with many organisations to develop their IPv6 deployment strategies and to help them deploy IPv6-only networks today.

Erion has over eighteen years experience of providing IPv6 consultancy and IPv6 training services. We have extensive experience of helping a wide range of types of organisations plan for and deploy IPv6. Please contact us for further details.

If you are preparing to deploy and secure your network for IPv6 then this IPv6 training is for you. Erion brings you the best in IPv6 training. We have extensive experience with IPv6 having provided IPv6 training and consultancy services for over 18 years, longer than any other independent IPv6 training provider. Also, we are proud to have the world’s largest and most IPv6 training portfolio covering all aspects of IPv6 on all major platforms.

The course that you can attend in November, is one of our most popular IPv6 training courses. The course, Implementing and Securing IPv6, is a comprehensive technical course that is ideal for all technologists interested in learning how to both deploy and secure IPv6. It provides all that you need to understand the issues surrounding IPv6 deployment and security and includes comprehensive practical hands-on labs to allow you to gain experience with real-world scenarios.

This training is becoming increasingly relevant in 2016 with the announcements by all of the UK’s major ISPs that they will be turning on IPv6 for their customers this year. Now that over 50% of the world’s major content providers are IPv6 enabled and almost 100% of Internet transit providers are IPv6 enabled, end-users with both IPv6 and IPv4 find that over 70% of their traffic is over IPv6 rather than IPv4.

Furthermore, we already reaching the point where organisations are not only considering moving to IPv6-only networks but have already deployed such networks.

IPv6 is very different from IPv4. The common belief that IPv6 is IPv4 with longer addresses is wrong. IPv6 is made up of many new features and functions which are often widely and subtly different from those in IPv4. Even IPv6 addresses are significantly different from IPv4 addresses, not just in size, but in how they are structured, their types, their attributes, how many their are and how they are used. It is crucially important when deploying and securing IPv6 to move away from legacy IPv4 thinking and fully appreciate the differences from IPv4.

All Erion’s IPv6 training courses are Gold certified by the IPv6 Forum. Our IPv6 security courses are also IPv6 Security certified from the IPv6 Forum.

This course will take place in our Edinburgh, UK venue which is situated in the city centre near to the world famous Edinburgh castle. There are many excellent facilities and hotels within walking distance. Edinburgh is easily reached via Edinburgh airport and by the UK rail and road network.

The training fee includes, access to excellent facilities and the provision of a complimentary breakfast, sit-down lunch and unlimited tea, coffee, biscuits and fruit throughout the day.

This course will be delivered by Erion’s chief consultant Dr David Holder.

In February 2016, we will be running one of our most popular IPv6 training courses in London UK. The course, Implementing and Securing IPv6 is a comprehensive technical course that is ideal for all technologists interested in learning how to deploy and secure IPv6.

The recent announcements by all of the UK’s major ISPs that they will be turning on IPv6 for their customers in 2016, make next year the perfect time to enable IPv6. Now that over 50% of the world’s major content providers are IPv6 enabled and almost 100% of Internet transit providers are IPv6 enabled, end-users with both IPv6 and IPv4 find that over 70% of their traffic is over IPv6 rather than IPv4.

Last week Erion’s David Holder spoke at the immensely successful (and oversubscribed) IoT Scotland 2015 event in Edinburgh. His presentation covered the crucial, but often underrated, topic of IoT integration and standardisation. Interestingly many of the other speakers at this year’s event alluded to IoT standards demonstrating the increasing awareness of how important IoT standardisation is.

This following is a brief summary of the presentation, which can be found here.

IoT: Integration and Standardisation

Making your way through the “Fog”

There are a bewildering array of standards and even standards bodies relating to the Internet of Things (IoT). Choosing between the many competing standards requires a detailed knowledge of their characteristics, benefits and pitfalls. For those seeking to deploy IoT this is a daunting task.

Despite the difficulties, choosing appropriate standards is extremely important. Standards bring many benefits; interoperability, compatibility, functionality, flexibility, longevity, ease-of-use, maintainability and manageability. All of these factors have a direct or indirect impact on the bottom line. For example, IoT devices are often built into infrastructure that may have lifetimes stretching into years and decades. It is highly desirable that the standards will last over the same period and is particularly desirable that the risk of having to replace IoT infrastructure prematurely due to choosing a legacy standard is mitigated by choosing IoT standards with a long shelf life. Standards do not just affect capital costs. Choosing common, well-known and widely supported standards has an impact on your support staff’s ability to maintain and manage your IoT infrastructure on an ongoing basis.

Unfortunately, the huge number of standards and ironically the large number of standards bodies makes selecting the best for your IoT deployment extremely difficult.

The ideal set of standards would allow every device to talk to every other device directly (Device to Device communication), and allow each device to access and be accessed from the global Internet. In a perfect IoT world, there would be no need for intermediate systems to allow devices to talk to each other or to communicate with the Internet. A single standard would work across all networks and provide a unified platform for the widest range of IoT solutions.

Today’s reality is very different from the ideal. Current IoT systems are “Vertical Silos” with islands of devices using one standard or one vendor’s product that cannot communicate directly with each other or the Internet. These vertical silos often tie IoT solutions to a single type of network. For example, they may work on IEEE 802.15.4 (a common IoT radio standard) but they do not work over Bluetooth, WiFi or other radio technologies. Worse, if you need to integrate devices across different networks, standards or vendors then you are force to deploy “Upperware”, additional systems that provide a high-level way of bridging between the islands of IoT and the Internet.

Naturally, this is undesirable. Ideally, your IoT standards would allow all devices to talk to each other regardless of the network they are on and would allow them to communicate with the Internet. You would also like your IoT standards to fulfil all the other benefits of standards such as longevity and manageability. One set of standards that meets this description is the set of standards that underpins the global Internet. These protocol standards include the Internet Protocol (IP). IP is familiar to network managers, systems administrators and application developers alike. It is likely to be around for a very long time, just as the current Internet has been in existence for many decades already. It is specifically designed to work across many different network types and IP makes possible direct communication between all devices and the Internet.

The bad news is that the legacy version of the Internet Protocol (IPv4) that is in current use on many networks today is not suitable for IoT. The main reason for this is that IPv4 has run out of addresses. It has none available for current requirements never mind the tens of billions and maybe even trillions of IoT devices. Worse, the IPv4 Internet has only been kept going through the increased use of address sharing using techniques such as Network Address Translation (NAT) and Carrier Grade NAT (CGN). These techniques break exactly the functionality that we wish to use with the IoT. Specifically, NAT and CGN break the end-to-end connectivity that allows devices to talk directly to each other and the Internet. For these reasons, and others, IPv4 is not a solution, even though it has the characteristics that we need from a ubiquitous IoT standard.

Thankfully there is a long-term solution to the limitations of IPv4, that is the next version of the Internet Protocol; IPv6. IPv6 has a practically limitless number of addresses, it has no NAT or CGN to impeded connectivity, it performs better, works over all radio and network technologies, is well understood due to its widespread deployment and is expected to have a very very long life.

In addition, there is version of IPv6 that is specifically design for IoT devices. It is called 6LowPAN. 6LowPAN is an IPv6 standard for Low power and lossy networks (LLNs). 6LowPAN ticks all the boxes for an ideal IoT network standard. It works across many different radio and networking technologies providing a common protocol for IoT devices. It allows direct communication between devices and with the Internet. It uses technologies that are familiar to network managers, systems administrators and software developers and it is specifically designed to work in IoT networks.

Today IPv6 is widely implemented and available on the global internet. Nearly 100% of the Internet backbone supports IPv6. Over 50% of the major content providers in the world are IPv6 enabled. In many parts of the world, IPv6 is a standard feature of consumer and business broadband services. In the UK, broadband ISPs are eventually beginning to roll out IPv6. This is removing the final hurdle for the widespread use of IPv6 in the UK. Interestingly, when an end user has both IPv4 and IPv6 they find today that on average over 70% of their traffic is over IPv6. Better still, they benefit from the lower latency and the removal of IPv4 impedances such as NAT and CGN.

So where does this leave IoT standards? There are still a huge number of contenders, including large players such as Zigbee. Despite this, we are seeing a steady and increasing move to the use of 6LowPAN. A number of key products and technologies have adopted 6LowPAN. For example, Google’s Nest is based on a 6LowPAN solution called Thread. In addition, even Zigbee one of the largest pre-6LowPAN IoT players has announced Zigbee-IP that is 6LowPAN based. So overall, we are seeing an industry that is gradually showing a move to 6LowPAN or IPv6 based solutions. The enormous size of existing IoT deployments and investments means that it is likely to be some time before 6LowPAN becomes the clear winner, however we can be pretty confident be so eventually.

The implications are clear, whatever other constraints you may have on your choice of IoT technologies, and there are many, it is clear that you should ensure that you are prepared for IPv6 and 6LowPAN to play a significant role. Even if you have been forced to invest in other technologies because a 6LowPAN solution was not available, you should expect that in the long term you will need to deploy 6LowPAN as well or even migrate your current deployment to 6LowPAN.

Allocation of IPv4 addresses in future will be strictly limited. A small number may be allocated to those who meet the criteria from a final /8 block reserved for the period of transition to IPv6. If you can justify a requirement then you will receive a single /22 which represents only 1024 addresses. The alternative is obtaining IPv4 addresses through the transfer process.

The only long term solution for Internet users is the transition to IPv6.

IPv6 provides a huge address space and many improvements over IPv4. A key improvement is that IPv6 removes the limitations placed on the IPv4 Internet by having to preserve IPv4 addresses through address sharing (CGN and NAT). This makes possible innovative applications and potential improvements in performance.

Today large parts of the current Internet are IPv6 enabled. Most of the major content providers are IPv6 enabled (over 50% of the world’s top web-sites) and users with both IPv4 and IPv6 find that the majority of their traffic is carried over IPv6 (70+%).

In addition, IPv6 provides the address space and functionality required by the Internet of Things (IoT). IPv4 has never been an option for supporting IoT.

At Erion we have been providing IPv6 training and IPv6 consultancy for over 17 years. We are well placed to help you with your IPv6 deployment. We have the world’s most comprehensive IPv6 training portfolio and we have extensive experience with migrating enterprise environments to IPv6.

In line with the other large ISPs in the UK, BT has announced the deployment of IPv6. They have set a deadline of the end of 2016 for their entire network to be IPv6 enabled.

This is fantastic news for end users in the UK.

The IPv4 Internet has been kept operating using a number of techniques to preserve IP addresses. These techniques have degraded functionality and put a limit on innovation and growth. IPv6 removes these limits and provides a higher quality of service to end users.

IPv6 provides an end-to-end service that is not impeded by Network Address Translation (NAT) or Carrier Grade NAT (CGN). As a result IPv6 can bring performance improvements and makes innovative applications possible.

IPv6 is a foundational technology for the Internet of Things (IoT) where billions and possibly trillions of addresses will be required. Today many of the leading IoT technologies are being based on an IPv6 using 6LowPAN.

Erion has been providing IPv6 training and IPv6 consultancy for over 17 years. We are well placed to help you with your IPv6 deployment. We have the world’s most comprehensive IPv6 training portfolio and we have extensive experience with migrating enterprise environments to IPv6.

The two courses are our; Implementing and Securing IPv6(5-day) and our IPv6 for Software Developers (4-day). These two courses have been used to training thousands of software developers, system administrators and network managers world-wide. They have been developed over a period of 17 years.

The Implementing and Securing IPv6 course covers all aspects of IPv6 deployment and security in comprehensive detail. It is ideal for all technical staff wishing to learn more about IPv6. This 5-day course covers all the topics in our popular Implementing IPv6(4-day) and Securing IPv6(3-day) course. This is an intensive course ideal for those who do not have the time to attend both the 4-day and 3-day courses. This course includes extensive practical hands-on IPv6 exercises. The default platform for this course is Linux but we can arrange for the hands-on exercises to be carried out on other platforms including Cisco IOS.

The IPv6 for Software Developers provides all that developers need to write best-practice IPv6 enabled code. The course includes extensive hands-on practical exercises that cover not only the programming aspects of IPv6 but also the various aspects of IPv6 networking that help developers understand the issues behind writing effective IPv6 enabled applications.

All Erion’s IPv6 training courses are Gold certified by the IPv6 Forum. Our IPv6 security courses are also IPv6 Security certified from the IPv6 Forum.

Our Edinburgh, UK training location is situated in the city centre near to the world famous Edinburgh castle. There are many excellent facilities and hotels within walking distance. Edinburgh is easily reached via Edinburgh airport and by the UK rail and road network.

The training fee includes, access to excellent facilities and the provision of a complimentary breakfast, sit-down lunch and unlimited tea, coffee, biscuits and fruit throughout the day.

Erion is the world’s leading provider of IPv6 training. We have the largest portfolio of IPv6 training courses, suitable for all audiences, covering all aspects of IPv6 on all major operating systems and platforms. Erion’s courses are certified by the IPv6 Forum and are part of the Erion IPv6 Certified training programme. In addition to our public IPv6 training schedule, we also provide IPv6 training as on-site courses and we provide Erion Modular IPv6 Training which allows for a bespoke training programme to be created based on our hundreds of IPv6 training modules.For further information please contact us on +44 (0)1422 207000, enquiry@erion.co.uk or through our web-site contact form.

Samba is the world’s leading Windows-Linux integration open source project. Here at Erion we have a long history of working with Samba to IPv6 enable its various components. This year is no different. At SambaXP 2015, Erion’s David Holder gave a presentation on IPv6-only Samba. He described the rational behind the need for IPv6-only Samba deployments, the status of IPv6-only Samba and how to deploy Samba in an IPv6-only environment.

Here is a brief summary of the presentation, the slides for which can be found here.

IPv6 is becoming increasingly common. It is standard in all major operating systems, deployed in all Tier-1 ISPs, available in almost 100% of transit carriers and is supported on 46% of the world’s top web-sites. Today, users that have a dual-stack service from their ISPs (that is they have both IPv4 and IPv6) find on average that 70% of their traffic is carried over IPv6. Furthermore, world-wide the percentage of Internet users who are IPv6 capable is doubling year upon year.

This increase in the use of IPv6 was evident at SambaXP. When asked, over 50% of attendees at the presentation stated that they now use IPv6. In previous years, only a handful were using IPv6.

Today organisations are moving beyond adding IPv6 to create dual-stack networks. Now some are looking to create IPv6-only environments where nodes no longer use IPv4. This change means that Samba now needs to be able to operate not only in dual-stack environments but also in IPv6-only environments. Previously, in dual-stack networks, if Samba had a feature that was not supported in IPv6 then it could drop back to use IPv4. In IPv6-only networks, dropping back to IPv4 is not possible and everything must work over IPv6 and IPv6 alone.

Organisations are moving to IPv6-only networks for a range of reasons. The most obvious is that it significantly reduces network administration. Managing two protocols rather than one not only doubles administration tasks but it can also significantly complicate certain scenarios where IPv6 and IPv4 interact. This particularly true where a mix of transition mechanisms are involved. There are other equally significant reasons for creating IPv6-only networks. In some large IPv4 networks there are multiple islands of duplicated RFC1918 address space. This is a major impediment to network operations and administration. Many ISPs and mobile operators use multiple 10.x.x.x networks internally because their networks are so large. Removing these and replacing them with a single IPv6 network avoids all the difficulties with operating across multi-islands of private address space.

A final growing reason to reduce or remove IPv4 in a network is the growth in the use of Carrier Grade NAT (CGN) in the access networks of ISPs. Content providers and others have no control over where and when an ISP may deploy CGN. However, the deployment of CGN many cause them significant issues. Using IPv6 in addition to IPv4 provides a method of circumventing the problems caused by CGN.

As a result, IPv6-only environments are appearing in an increasing number of networks including those of ISPs, mobile operators, data centres and cloud providers. Samba is used in many of these and environments and it is therefore imperative that Samba be made IPv6-only ready.

Samba is “IPv6 ready”, it works successfully in a dual-stack environment. However, when it comes to IPv6-only operation Samba exhibits issues because some features retain IPv4-only code. Whilst workarounds are possible and the major of functionality is fully IPv6-ready, the current Samba releases are not quite ready for IPv6-only operation. This will change with future releases as we fix the remaining issues.

Once Samba is fully IPv6-only ready there are a number of additional potential benefits.

Internally SMB/CIFS uses large MTU sizes. From SMB 2.1 onwards the use of Multi-Credit allows SMB MTU to go from a maximum of 64KB to multiple megabytes. In Samba, the default is 1MB and in Windows it is 8MB. However, in IPv4 the maximum MTU is 64KB and so it is not possible to reflect the SMB multi-credit sizes of 1MB or 8MB at the network layer. In IPv6, there is support for Jumbograms allowing multi-megabyte MTUs. In theory the use of Jumbograms could lead to performance improvements in SMB over IPv6. In practice, you still need to datalink that can support very large MTUs. Few such datalinks exist. One example is Infiniband. Another possible option in virtualised environments is the use of virtual networks adapters such as virtio. At the moment, virtio supports MTUs up to 64KB even though Ethernet only supports MTUs of 9KB. It is conceivable that in the future this could be extended to allow for IPv6 Jumbograms.

Another possible benefit is the use by IPv6 of Path MTU discovery (PMTU). PMTU allows for an internal network to use the largest possible MTU without increasing the amount of fragmentation taking place within the network. Thereby improving SMB throughput performance. Whilst, in most modern networks, IPv4 also has Path MTU discovery support, IPv6 still has the edge as IPv6 PMTU is mandatory and available on all IPv6 nodes.

There are a number of other potential benefits from using IPv6. These include, for example, the removal of NAT (and CGN) from the transmission path. This makes possible communication using AD protocols and SMB over the wider Internet along with the use of IPsec to secure them. Both things which are difficult or impossible through NAT/CGN. Microsoft has leveraged this benefit in its DirectAccess product that many organisations are using as a replacement for their VPN concentrators.

Configuring IPv6-only Samba is very similar to the configuration of dual-stack Samba. The difference is the absence of IPv4 addresses (except on the loopback interface). The presentation covered a few issues that need to be considered in IPv6-only Samba deployments. These will be fixed in future Samba releases.

Finally, there was a demonstration of IPv6-only Samba operation and a discussion of IPv6-only Samba related topics.